Trick or T(h)reat? Haunted House study reveals IoT

  • Research reveals over 70,000 access attempts to smart homes
  • Scan for smart home devices lists more than 68,365 open web GUIs globally, and 1914 from the UK
  • Sophos reveals 8 expert tips for running a secure Smart Home

Thursday, 26 Oct. 24, 2017 – Yesterday, Sophos launched ‘Project Haunted House’, a continuous attack analysis and assessment of smart homes over a period of several weeks. With the aim of raising awareness of responsible IoT device use, a virtual smart home, simulated for this purpose and including original control and network infrastructures, has been set up and left exposed on the Internet as a potential target for attack.

The final results of the research project will be published in November 2017. However, the first interim numbers from the project have revealed more than 70,000 access attempts from 24,089 individual IPs to our virtual house. A clear tendency is therefore already evident: the Haunted House is definitely no Halloween one-timer but a valid danger for private smart homes – if not handled correctly.

To back up these numbers and place them in the widest possible context, the project also includes active internet scans for smart home devices via search engines like Shodan or Censys. A scan beginning in October resulted in more than 68,365 open web interfaces from well-established smart home components globally, and 1914 from the UK, which are primarily used in private households – such as wireless window contacts, smoke detectors, automatic door opening/locking systems, and camera systems. All these devices were easily accessible without a password via the internet. The heat map visualisation shows that the IoT technology is concentrated in cities and urban centres like London, Manchester and Birmingham, while fading out into rural areas.

“The sheer numbers emphasise the importance of being cautious while building your smart home”, says James Burchell, Security Specialist. “Otherwise there is a growing chance that it won’t just be trick or treaters at your door this Halloween, but real life cyber gangsters that are looking for your money and data.”


8 tips to NOT get a Haunted House but a secure Smart Home:

  1. Keep your home network exclusive – Don’t share it with others.
  2. Don’t connect IoT devices to your home network if it isn’t necessary – Your TV, for example, doesn’t need to be connected to WLAN if you mainly watch TV via cable or antenna.
  3. Create a separate network for IoT devices – If your WiFi router is able to create multiple networks (segmentation), you should set up a dedicated network for IoT devices, thereby cutting off their access to your regular network.
  4. Create various sealed-off networks on different WLANs – It is even better to create separate sealed-off network areas for home office, entertainment electronics, building and security technology, and the guest network – each with its own WLAN. This can be enforced by a firewall that allows only the communication necessary to use the components and prevents an infection from spreading from one IoT device to another. You can install the Sophos UTM Home Edition Firewall for free on your PC.
  5. Use secure VPN technology – You shouldn’t use insecure port forwarding on your router to get remote access to your IoT devices from the internet. Use a secure VPN on your smartphone or Mac/PC instead.
  6. Keep your software up to date – Install up-to-date AV software on all PCs, Macs and Android smartphones. Free tools like Sophos Home or Sophos Mobile Security are available on the Sophos website.
  7. Secure everything with the latest firmware – Not just PCs, laptops and smartphones: every IoT device needs to run the most up-to-date firmware to be as secure as possible. This might be time-consuming but is definitely worth the effort for security and privacy.
  8. Google is your friend – You might want to search Google for potential security gaps in the IoT device you are going to use. This gives you a quick but good overview of whether the product of your choice is already a focus of hackers or has even been hacked.

Andrew McLean is the Studio Director at Disruptive Live, a Compare the Cloud brand. He is an experienced leader in the technology industry, with a background in delivering innovative & engaging live events. Andrew has a wealth of experience in producing engaging content, from live shows and webinars to roundtables and panel discussions. He has a passion for helping businesses understand the latest trends and technologies, and how they can be applied to drive growth and innovation.
